Page 1 of 1

redirection help?

Posted: Sun Jan 11, 2004 2:42 am
by bumple
Hey all, I have a bit of code that I would like to show you, that yields odd results, I'll ask my question after this:

[syntax=php]<?php
require 'db.php'; //database connect script...includes session_start() and $logged_in

if(!$logged_in) {
?> </p>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">

<input type="text" name="uname" maxlength="40"><br>
<input type="password" name="passwd" maxlength="50><br>
<input type="submit" name="submit" value="Log in!">

</form>
<?php
}
if (isset($_POST['submit'])) { // if form has been submitted


/* check they filled in what they were supposed to and authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
die('You did not fill in a required field.');
}

// authenticate.

if (!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}

$check = $db_object->query("SELECT username, password FROM users WHERE username = '".$_POST['uname']."'");

if (DB::isError($check)) {
die('That username does not exist in our database.');
}

$info = $check->fetchRow();

// check passwords match

$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']);

if ($_POST['passwd'] != $info['password']) {
die('Incorrect password, please try again.');
}

// if we get here username and password are correct,
//register session variables and set last login time.

$date = date('m d, Y');

$update_login = $db_object->query("UPDATE users SET last_login = '$date' WHERE username = '".$_POST['uname']."'");
$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['username'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];

header("Location: <a href="http://www.example.com/login_success.php" target="_blank">http://www.example.com/login_success.php</a>");
}
?>[/syntax]

With this, when I am not logged in, it shows the text fields perfectly. When I log in with the right username and password, it takes me back to the same exact page with the textfields...and if I type in the wrong information, it will execute the correct if statement (i.e. it will echo "Your password is incorrect")...

Anybody know what's wrong?

THANKS! -bumple.

Posted: Sun Jan 11, 2004 5:43 am
by fastfingertips

Code: Select all

<?php
header("Location: <a href="http://www.example.com/login_success.php" target="_blank">http://www.example.com/login_success.php</a>"); 
?>
This is wrong, you must write that in this form:

Code: Select all

<?php
header("Location: http://www.example.com/login_success.php");
?>